Sujith Panikkar, functional safety expert from HIMA Asia Pacific provides an overview of the functional safety standards that require facilities to consider cyber security threats, what operators need to know and how to ensure they are compliant
SIS safety lifecycle management in the context of Singapore's safety case regime
The Singapore safety case regime, which became law on 1st September 2017, places increased responsibility on operators to manage safety in their Major Hazards Installations (MHI), making use of best practices and standards to keep risk reduced to ALARP (as low as reasonably practicable) levels though out the lifecycle of the installation.
The SIS (Safety Instrumented System) is a key active protection barrier in most process plants. Managing the SIS requires end users to follow the guidelines and principles detailed in the IEC 61511 standard (functional safety – Safety Instrumented Systems for the process industry sector).
It is also a requirement in the safety case to demonstrate how safety-related control systems have been designed and being operated and maintained to ensure safety and reliability. In this context the 'Safety Case Technical Guide' and the 'Safety Case Assessment Guide' published by the Singapore Ministry of Manpower - Major Hazards Department points to the IEC 61511 and Functional Safety Management for guidance.
The latest release of the IEC 61511 standard (Edition 2) in 2016 further emphasises the responsibility of end users to manage Safety Instrumented Systems (SIS) through the life cycle of the installation.
In the recent years, with increasing frequency of cyber-attacks on industrial installations, concerns regarding security of SIS installations have come to the fore creating additional challenges for end users.
Conventionally, the design of safety instrumented systems is based on identification of process safety hazards and putting in place safety instrumented protective functions to prevent consequences. This is usually approached by well-established methods for HAZOP/ SIL Classification.
It needs to be taken note that the process safety hazards analysis does not usually involve an evaluation of cyber-security vulnerabilities and threats. However, when a cyber-attack takes place on control and safety systems, the consequences can be quite similar to those arising from process safety hazards.
As evident from incidents like the Ukraine power grid outage in 2015, caused by hackers who managed to gain entry into the control systems unnoticed and then forced a blackout leaving over 230,000 residents without power or the STUXNET, in 2010, which affected nuclear facilities in Iran, the consequences of a cyber incident can be quite similar to that of a process safety incident with implications on people, environment and assets.
With cyber-attacks on industrial control and safety systems becoming a reality, operators of MHIs are now forced to examine a new scenario:
'Are safety instrumented systems responsible for protecting your MHI secure?'
Making safety instrumented systems secure
Ensuring security of safety instrumented systems requires a special strategy. This approach is based on three cardinal principles accruing from IEC 61508/ 61511 and IEC 62443 standards:
• Protection of safety functions: security effectively prevents negative influences of threats to SIS and their implemented safety functions
• Compatibility of implementations: security does not interfere with safety and vice versa
• Protection of security countermeasures: the safety implementations do not negatively compromise the effectiveness of security implementations
In order to ensure security of the SIS, there are well established approaches that involve the deployment of a cyber security lifecycle based on the guidelines of IEC 62443, using principles of defence-in-depth, segregation by zones and conduits etc.
To ensure the safety of Major Hazards Installations, operators now have a major task in hand: to review the architecture and design of their existing SIS protecting their installations to ensure these are secure as well.
Panikkar will be speaking more about functional safety standards and cyber security threats on the morning of the second day of the Tank Storage Asia conference. For more information, visit www.tankstorageasia.com.
A new deepwater midstream frontierRegulatory update for US tank terminal operators Capturing hidden storage opportunities Make room for the boom From short to long - the US oil revolution Optimising the US Gulf Coast energy potential Storage stability amid a mixed production picture in the Americas Storage for Europe's energy transition Storage for a growing product market Should the industry rethink storage tank fire protection